Problem description:
The router at an internet cafe was hit by a DDoS attack. How can I see who is attacking?
Answer:
First add these rules...
/ip firewall filter
# Suppress DoS attacks: tarpit TCP connections from sources already in black_list
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list \
    action=tarpit comment="MikroTik RoS Firewall Filter Rules @Version:1.0b @editer:RIONTA @Date:2008-3-31 @Rules:@压制DoS攻击" disabled=no
# Detect DoS attacks: add any source exceeding 10 TCP connections to black_list for 1 day
add chain=input protocol=tcp connection-limit=10,32 \
    action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d comment="MikroTik RoS Firewall Filter Rules @Version:1.0b @editer:RIONTA @Date:2008-3-31 @Rules:@探测DoS攻击" disabled=no
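Then look in the address list under black_list...
Do you have firewall rules? The official rules include one for this; look in address_black.
It is easy to trace while the attack is in progress; afterwards, if there are no records, it is hard to trace.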
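
The last reply notes that tracing is hard afterwards without records. As an added example (not part of the original thread), the RouterOS commands below keep a record of each detection and read it back; the log prefix "DoS-detect" and the rule comment are assumed names, and the log rule is assumed to sit directly above the detection rule.

```routeros
# Added example; "DoS-detect" is an assumed log prefix.
/ip firewall filter
# Log a source the first time it exceeds the detection threshold. Once the
# detection rule has put it in black_list, this rule stops matching, so the
# log is not flooded. Move this rule directly above the detection rule.
add chain=input protocol=tcp connection-limit=10,32 src-address-list=!black_list \
    action=log log-prefix="DoS-detect" comment="log new DoS sources"

# Keep firewall log entries on disk so they survive a reboot.
/system logging
add topics=firewall action=disk

# During the attack: sources currently flagged (dynamic entries expire after 1d).
/ip firewall address-list print where list=black_list

# After the attack: the logged detections.
/log print where message~"DoS-detect"
```

These rules sit on chain=input, so they only count TCP connections addressed to the router itself, per /32 source address.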